A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlier allows users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
org.jenkins-ci.plugins:apprenda
{ "last_known_affected_version_range": "<= 2.2.0" }